A few months ago Matt Cutts said that the SLL certificate could become a ranking factor for Google. Like everyone else, I started looking into this, first of all to understand what SSL means and why do I need one.
As an SEO consultant I suggested to some of my clients to install SLL on their websites. But not to all of them.
Yes, I think SSL it’s beneficial to most of the websites, but not to all of them.
For example, if you browse a website just to read some articles, to inform yourself, but you don’t have to give any personal data to that website, then you don’t really care if that website has an encrypted connection with you or not.
On the other hand, if the website handles some personal data, then you should double check before having to fill any form.
For example, on TomorrowInternet we don’t have, yet, an SLL certificate installed.We had some discussions about it, but we decided that we can leave it as it is, for now. Most of our visitors read our articles, or get our contact number, or contact us using the contact form.
We don’t really handle any private data – let’s say… the email address, but that’s not really something to worry.
On the other hand, we have SSL installed on own.ie.
A few days ago I’ve been contacted by Lisa Margetis from SingleHop (using the contact form if I’m not wrong), asking me if I’m not interested in publishing an article about why you need to be using secure website encryption if you run a website in 2014.
SingleHop it’s a very well known cloud hosting provider. If I’m not mistaken one of the biggest out there.
They send me a pdf file created by their team about “The Benefits of Using TLS/SSL on Your Website”
A short but pretty straight and forward opinion about SSL.
I first was a bit confused about TLS – just googlit and understood that TSL is the new SSL, SSL 3.0 is actually the TLS 1.0. And that TLS 1.0 is already old… anyway, I will continue refering to it as SLL.
Now, what is SSL?… SSL means that your website address is something like https://tomorrowinternet.com instead of http://tomorrowinternet.com. And the “s” means that the conection with the server is encrypted – the data is not send to the server in plain text – line.
For example, when filling a form, “123” is something like “l21xqYp4Jhs=”
From SingleHop’s doc: TLS (Transport Layer Security) and its predecessor SSL (Secure Sockets
Layer) are internet protocols that enable secure, encrypted connections between your web browser
and the website. Website addresses that use TLS/SSL start out with https (note the “s” for “secure”),
and most modern browsers have a visual indicator of a secure connection, such as an padlock icon.
Now, let me focus a bit on the pros and cons. Let me refer mostly to what SigleHop said:
1. Visitor protection
There are some evil website owners out there, but you’re not one of them. You care about your visitors and you want their personal data and privacy to be safe from nefarious ne’er-do-wells. Adding TLS/SSL is one way to do that.
2. Risk management
Your visitors and customers aren’t the only ones who are at risk from unsecure data – you or your
company may be as well. Sniffers and hackers can potentially steal unencrypted information, which may give them a foothold to access other areas of your network or glean important transaction details. With TLS/SSL, such attacks are much more diffcult.
If visitors feel that their data is unsafe or their privacy can easily be violated, they may avoid your website altogether. Setting up a TLS/SSL certificate is a signal that your website is trustworthy.
4. Payment options
The Payment Card Industry Data Security Standard (PCI DSS) requires TLS/SSL on any website that accepts credit, debit or other card-based payments. If you plan to process payments for products, subscriptions and other services through your website (rather than through a third-party site, like PayPal), TLS/SSL is a must-have.
The only thing I would add here would be the SEO ranking. As I mentioned before, we installed SSL on some websites, and we saw the results in just a few weeks.
5. SEO ranking
Own.ie, for example, got on the first page for a few keywords that we were targeting. Being a new product/website, we didn’t have the chance to see if there was any drop in ranking after installing the ssl. We’ve only seen the good results.
For one of our clients, we had an website hit by both [intlink id=”2077″ type=”post”]Penguin and Panda[/intlink]. Against Panda you can work anytime, but against penguin was a bit more difficult, since we were waiting for un update. The update came, and is still running, but we had the chance to see what’s happening with the ranking because/thanks to the SSL certificate.
For the first two weeks after installing the certificate and setting up the new property on Webmaster tool (also having the 301 redirect for all the pages to https), we saw a drop on ranking. For quite a few keywords, the website disappeared from the hope page. For example, a keyword ranked ~6 on the main page of Google results, we say a drop to page two, position 12-14. After two weeks, the website came back on the first page, ranking second or third (the first result being WikiPedia).
I could come with more examples, but long story short, all the websites have increased their ranking with 2-4 positions after installing SSL.
Now, let’s see the cons, and first I will refer to the ones mentioned by SingleHop:
Why Don’t More Websites Encrypt?
As of October 2014, it’s estimated that only about one-third of the most popular websites
currently use TLS/SSL. There are many reasons why people and companies choose not to
secure their websites. Here are a few of them:
The TLS/SSL protocols require a “certificate” – that is, registration with a trust certificate authority (CA)
who validates that the website is legit. Generally you’ll need to pay for a certificate from a reputable CA. Fortunately, organizations such as the Internet Security Research Group and the Electronic Frontier Foundation are working to provide free, trustworthy TLS certificates through programs like Let’s Encrypt, but there’s still a ways to go before those become available to the general public.
It takes knowledge and a certain amount of technical acuity to properly configure TLS/SSL on a web server. Doing it wrong can make your website look secure without actually being secure, which may be even worse than going without encryption in the first place. Nonetheless, it’s worth spending a few dollars to get a professional to set it up right from the beginning if it’s something that can’t be done yourself or by someone in your company.
It’s generally believed that encryption is computationally intensive, which may mean slower processing and network speeds. Although this can be true in some cases, with modern computer processors, speed is not really an issue – at least, not enough to leave your website traffic insecure.
4. Payment options
Another belief is that TLS/SSL encryption will negatively affect search engine results. This is definitely not true. While it may be a good idea to “noindex” certain portions of an encrypted site, there’s no reason why having secure connections would prevent your site from being generally accessible to search bots. In fact, TLS/SSL may even be an indicator that your site is more authoritative.
Now… I would like to say a few words about the pros:
1. Expense: Indeed, an SSL certificate can cost you up to a few hundred bucks. If you want to use an wildcard certificate you might pay up to a few good thousands. I was looking for an wildcard SLL for both subdomains and addon domains and… look at this:
But I managed to get all my SSL certificates for free. No kidding – but was only for one website. For an wildcard SSL certificate I had to pay 30 dollars or so. So quite cheap. Anyway, free SSL certificates are available even now to the public.
2. Setup – Hm… that wasn’t easy. I got my certificate for free, but I had to learn how to install it. If you buy an certificate from your hosting provider, they will install it for you – at least most of them. But if you want to have a free one, then you have to learn how to install it. I’m not saying it’s too complicated, but it will take you a few hours till you learn how to do it.
3. Speed – SingleHop say it’s not a big issue. – well, somehow it is. I’m not talking about the speed that your visitors will see, but about GoogleSpeed. For example, before installing the certificate I had a score of 87/100 on a website. After adding the s after http I can’t get more than 83/100.
4. Payment options – Normally for all the payment pages I already have “noindex” – but that’s not because of any issues with SEO, but because I don’t want to see my payment pages indexed by any search engine – those pages don’t bring any value to someone looking for info or products on Google.
Also, looks like there are some AdSense issues according to www.seroundtable.com
If you want to add any pros or cons just use the comments for below.